Computer Forensics and Cultural Heritage. Matthew Kirschenbaum, University of Maryland. Sponsored by the Andrew W. Mellon Foundation.
Matthew Kirschenbaum
University of Maryland
sponsored by the
Andrew W. Mellon Foundation
Seamus Ross, Luciana Duranti, Stephen Eniss, Cal Lee, Brad Glisson, Patricia Galloway, Susan Thomas, Peter Hornsby, Michael Olson, Jeremy Leighton John, Simson Garfinkel, Barbara Guttman, Leo Scanlon, Leslie Johnston, Amy Friedlander, Cliff Lynch
“Despite its origins in law enforcement, security and other areas seemingly far removed from the cultural heritage sector, we saw an amazing degree of convergence between the professional forensics community and attendees charged with the stewardship of born digital materials from arts, humanities, and personal archives.”
o Matthew Kirschenbaum
  o Associate Professor of English and Associate Director, Maryland Institute for Technology in the Humanities, University of Maryland
o Richard Ovenden
  o Associate Director, Bodleian Library, Oxford
o Gabriela Redwine
  o Archivist and Electronic Records Specialist, Harry Ransom Center, The University of Texas at Austin
o Rachel Donahue (Research Assistance)
  o Doctoral Candidate, University of Maryland College of Information Studies
o Luciana Duranti
  o Professor, School of Library, Archival and Information Studies, University of British Columbia
o Bradley Glisson
  o Director and Lecturer, Computer Forensics and e-Discovery, Humanities Advanced Technology and Information Institute, University of Glasgow
o Cal Lee
  o Assistant Professor, School of Information and Library Science, University of North Carolina, Chapel Hill
o Rob Maxwell
  o Lead Incident Handler, Office of Information Technology and Founder, Digital Forensic Lab, University of Maryland
o Doug Reside
  o Associate Director, Maryland Institute for Technology in the Humanities
o Susan Thomas
  o Digital Archivist, Bodleian Library, Oxford
Proposed to Mellon early 2009
Funded July 2009
Research and Writing through April 2010
Symposium May 2010
Revisions June-August 2010
Submission to CLIR August 2010
Publication late 2010
Archives and Cultural Heritage Professionals (Manuscript Repositories)
Technical Forensics Community
Textual Scholars
Funders
Donors
Introduce Computer Forensics to Cultural Heritage Community
Identify Points of Convergence
Create Basis for Further Contact and Collaboration
“Computer forensics involves the preservation, identification, extraction, documentation, and interpretation of computer data.”
–Kruse and Heiser, Computer Forensics: Incident Response Essentials (2002)
“It’s not at all like what you see on “CSI.” Computer forensics can be tiresome, dreary, boring, and downright drudgery. Performing a competent analysis can take days, weeks, or even months depending upon the subject, the condition and state of the hard drive, or the importance of the case. For that time period, the examiner is literally trying on the subject’s life, wearing it like a costume for eight or more hours a day. Everything someone likes, hates, is interested in, fantasizes about, or fetishes goes through his or her keyboard at one point or another. Think about every email message you’ve ever written…every chat you’ve ever typed…every website you’ve ever visited…every phrase you’ve ever searched for online.
“Seriously…think about it. I’ll give you a moment.
“Now think about me reading and seeing it all. That should scare you a little bit, and if it didn’t, you’re probably lying to yourself. It’s okay. Most people do.”
http://www.forensicfocus.com/the-darker-side-of-computer-forensics
Diplomatics
Questioned Document Examination
Analytical and Descriptive Bibliography
“Wherever he steps, whatever he touches, whatever he leaves, even unconsciously, will serve as a silent witness against him. Not only his fingerprints or his footprints, but his hair, the fibers from his clothes, the glass he breaks, the tool mark he leaves, the paint he scratches, the blood or semen he deposits or collects. All of these and more, bear mute witness against him. This is evidence that does not forget. It is not confused by the excitement of the moment. It is not absent because human witnesses are. It is factual evidence. Physical evidence cannot be wrong, it cannot perjure itself, it cannot be wholly absent. Only human failure to find it, study and understand it, can diminish its value.”
—Paul L. Kirk. 1953. Crime investigation: physical evidence and the police laboratory. Interscience Publishers, Inc.: New York.
“The first step is preservation, where we attempt to preserve the crime scene so that the evidence is not lost. In the physical world, yellow tape is wrapped around the scene. In a digital world, we make a copy of memory, power the computer off, and make a copy of the hard disk. In some cases, the computer cannot be powered off and instead suspicious processes are killed and steps are taken to ensure that known evidence is copied and preserved.”
--Brian Carrier
http://www.digital-evidence.org/di_basics.html
File System Forensics
Network Forensics
Incident Response
Intrusion Detection
Web Forensics
Mobile Forensics
“Data remanence is the residual physical representation of data that has been in some way erased.”
--A Guide to Understanding Data Remanence in Automated Information Systems
http://www.fas.org/irp/nsa/rainbow/tg025-2.htm
“Secure file deletion on Windows platforms is a major exercise, and can only be part of a secure ‘wipe’ of one’s entire hard disk. Anything less than that is likely to leave discoverable electronic evidence behind.”
-- Michael Caloyannides, Computer Forensics and Privacy (Norwood, MA: Artech House, 2001), 28
Authenticity and Integrity
Discovery
Redaction
Data recovery
British Library
Bodleian
Stanford
Emory
UT Austin (and Ransom Center)
MITH at Maryland
Terminology
Expense
Training
“Smoking Gun” Fallacy
Ethics
http://mith.info/forensics